US20170289130A1 - Apparatus and method for authentication based on cognitive information - Google Patents

Apparatus and method for authentication based on cognitive information Download PDF

Info

Publication number
US20170289130A1
US20170289130A1 US15/168,430 US201615168430A US2017289130A1 US 20170289130 A1 US20170289130 A1 US 20170289130A1 US 201615168430 A US201615168430 A US 201615168430A US 2017289130 A1 US2017289130 A1 US 2017289130A1
Authority
US
United States
Prior art keywords
authentication
behavioral
information
contextual information
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US15/168,430
Other versions
US10805285B2 (en
Inventor
CheolYong PARK
HanJun YOON
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics and Telecommunications Research Institute ETRI filed Critical Electronics and Telecommunications Research Institute ETRI
Assigned to ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE reassignment ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PARK, CHEOLYONG, YOON, HANJUN
Publication of US20170289130A1 publication Critical patent/US20170289130A1/en
Application granted granted Critical
Publication of US10805285B2 publication Critical patent/US10805285B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/02Knowledge representation; Symbolic representation
    • G06N5/022Knowledge engineering; Knowledge acquisition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/61Time-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/68Gesture-dependent or behaviour-dependent

Definitions

  • the present invention relates generally to technology for authenticating an authentication target based on cognitive information and, more particularly, to a technique for authenticating an authentication target using behavioral and contextual information about the authentication target and cognitive information extracted from big data.
  • the ID/password authentication method performs authentication based on secret information that has been set in advance and shared between a user and a machine. Because the ID/password authentication method uses the preset password, it is advantageous in user convenience.
  • this method has limitations such as a problem related to the exposure of a password, inconvenience in which a password needs to be frequently changed in order to prevent the exposure thereof, a security vulnerability in storing and distributing information, and the like. Also, when setting a password between machines, a user must input the password.
  • the token-based authentication method may use a hardware authentication token or a software authentication token.
  • a One-Time Password (OTP) device is a hardware authentication token
  • an authentication certificate (X.509) is a software authentication token.
  • the hardware authentication token must be carried by a user in the form of physical hardware, it is disadvantageous from the aspects of portability and convenience. Also, when it is applied to a machine, the hardware authentication token needs to be mounted thereon, whereby hardware costs may increase.
  • the software authentication token is superior to the hardware authentication token from the aspects of portability and convenience. However, because the software authentication token is stored in a storage medium, it may be leaked. Also, when it is applied to a machine, a specialized program for operating the software authentication token is required.
  • the biometric authentication method authenticates a user based on unique biological characteristics or behavioral characteristics.
  • the biometric authentication method does not require that an authentication token be carried, or that a preset password be shared. Also, when biological information about a user is used, it has high security.
  • the biometric authentication method is disadvantageous in that it is difficult to construct and manage a system in which authentication is performed by analyzing patterns of biological characteristics or behavioral characteristics. Also, because unique biological information is used, when such information is exposed, there may be an insurmountable problem. Furthermore, the biometric authentication method cannot be used to authenticate machines.
  • an authentication method in which two or more single-factor authentication methods are combined is used.
  • an authentication method in which ID/password authentication is combined with a mobile phone authentication code and an authentication method that uses both a security token and an OTP card are mainly used.
  • Patent Document 1 Korean Patent Application Publication No. 10-2007-0008744, disclosed on Jan. 18, 2007 and titled β€œApparatus and method for generating a pattern for behavior-based user authentication”.
  • An object of the present invention is to provide an authentication service more conveniently and effectively than existing authentication methods.
  • Another object of the present invention is to provide mutual authentication service between users, between an object and a user, and between objects using big data.
  • a further object of the present invention is to enable secure authentication by using behavioral and contextual information as authentication information.
  • Yet another object of the present invention is to overcome problems with conventional authentication methods, resulting from loss, exposure, and damage of authentication information, and thereby to enable temporary authentication and to prevent unauthorized entities from being authenticated.
  • Still another object of the present invention is to provide a more effective and secure authentication service in combination with an existing authentication method.
  • an authentication apparatus based on cognitive information includes an authentication request reception unit for receiving a request to authenticate an authentication target, a behavioral and contextual information collection unit for collecting behavioral and contextual information corresponding to the authentication target, a cognitive information extraction unit for extracting cognitive information corresponding to the request from previously stored big data, and an authentication processing unit for authenticating the authentication target in consideration of the behavioral and contextual information based on extracted cognitive information.
  • the authentication processing unit may authenticate the authentication target by determining at least one of continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • the authentication processing unit may determine the continuity of the behavioral and contextual information in consideration of at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether a number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
  • the authentication processing unit may determine the authenticity of the behavioral and contextual information in consideration of whether the behavioral and contextual information is authentic information such that a change in the behavioral and contextual information is equal to or less than a threshold variation.
  • the authentication processing unit may determine the validity of the behavioral and contextual information by comparing a result of a change in the behavioral and contextual information with a result of a prediction corresponding to the behavioral and contextual information.
  • the authentication processing unit may determine the correctness by checking whether a change in a pattern of the behavioral and contextual information is correct based on the extracted cognitive information.
  • the previously stored big data may be collected using at least one of a location sensor, a beacon signal collection sensor, a bio-signal collection sensor, and an environment sensor, or the previously stored big data may be at least one of a kind of a network, a kind of an access network, and information about execution of an application, corresponding to the authentication target.
  • the authentication target may be at least one of a user to be authenticated and a device to be authenticated.
  • the authentication apparatus may further include an authentication result output unit for outputting a result of authentication of the authentication target.
  • the authentication processing unit may perform multi-factor authentication in combination with at least one of an ID/password-based authentication method, an authentication token-based authentication method, and a biometric authentication method.
  • an authentication method based on cognitive information performed by an authentication apparatus based on cognitive information, according to an embodiment of the present invention includes receiving a request to authenticate an authentication target, collecting behavioral and contextual information corresponding to the authentication target, extracting cognitive information corresponding to the request from previously stored big data, and authenticating the authentication target in consideration of the behavioral and contextual information based on the extracted cognitive information.
  • Authenticating the authentication target may be configured to authenticate the authentication target by determining at least one of continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • Authenticating the authentication target may be configured to determine the continuity of the behavioral and contextual information in consideration of at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether a number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
  • Authenticating the authentication target may be configured to determine the authenticity of the behavioral and contextual information in consideration of whether the behavioral and contextual information is authentic information such that a change in the behavioral and contextual information is equal to or less than a threshold variation.
  • Authenticating the authentication target may be configured to determine the validity of the behavioral and contextual information by comparing a result of change in the behavioral and contextual information with a result of prediction corresponding to the behavioral and contextual information.
  • Authenticating the authentication target may be configured to determine the correctness by checking whether a change in a pattern of the behavioral and contextual information is correct based on the extracted cognitive information.
  • the previously stored big data may be collected using at least one of a location sensor, a beacon signal collection sensor, a bio-signal collection sensor, and an environment sensor, or the previously stored big data may be at least one of a kind of a network, a kind of an access network, and information about execution of an application, corresponding to the authentication target.
  • the authentication target may be at least one of a user to be authenticated and a device to be authenticated.
  • the authentication method may further include outputting a result of authentication of the authentication target.
  • Authenticating the authentication target may be configured to authenticate the authentication target in combination with at least one of an ID/password-based authentication method, an authentication token-based authentication method, and a biometric authentication method.
  • FIG. 1 is a view schematically illustrating an environment in which a cognitive information-based authentication apparatus is applied according to an embodiment of the present invention
  • FIG. 2 is a block diagram illustrating the configuration of a cognitive information-based authentication apparatus according to an embodiment of the present invention
  • FIG. 3 is a flowchart illustrating a cognitive information-based authentication method according to an embodiment of the present invention
  • FIG. 4 is a flowchart illustrating a method for generating cognitive information according to an embodiment of the present invention.
  • FIG. 5 is a block diagram illustrating a computer system according to an embodiment of the present invention.
  • FIG. 1 is a view schematically illustrating an environment in which a cognitive information-based authentication apparatus is applied according to an embodiment of the present invention.
  • a cognitive information-based authentication apparatus 200 which receives a request to authenticate an authentication target 100 , collects behavioral and contextual information about the authentication target 100 from a data collection device 300 .
  • the cognitive information-based authentication apparatus 200 extracts cognitive information corresponding to the authentication target 100 from a big data repository 400 .
  • the cognitive information-based authentication apparatus 200 authenticates the authentication target 100 using the collected behavioral and contextual information about the authentication target 100 and the extracted cognitive information.
  • the authentication target 100 may be a person or an object, and as the authentication target 100 behaves or operates, behavioral and contextual information corresponding to the authentication target 100 may be generated.
  • the behavioral and contextual information about the authentication target 100 may include at least one of information about the location of the authentication target 100 , information about the movement of the authentication target 100 , information about a nearby beacon, information about a device connected thereto, information about a target to communicate therewith, information about a communication interface, weather information, environmental information, and information about circumstances.
  • the cognitive information-based authentication apparatus 200 receives a request to authenticate the authentication target 100 .
  • the cognitive information-based authentication apparatus 200 may receive the authentication request directly from the authentication target 100 .
  • the cognitive information-based authentication apparatus 200 regards it as the reception of a request to authenticate the authentication target 100 , and may then perform authentication.
  • the cognitive information-based authentication apparatus 200 collects behavioral and contextual information about the authentication target 100 and extracts cognitive information corresponding to an authentication request from previously stored big data. Then, the cognitive information-based authentication apparatus 200 authenticates the authentication target 100 using the behavioral and contextual information and the extracted cognitive information.
  • the cognitive information-based authentication apparatus 200 may authenticate the authentication target 100 by determining at least one of the continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • the data collection device 300 collects behavioral and contextual information about the authentication target 100 and delivers the collected information to the cognitive information-based authentication apparatus 200 .
  • the behavioral and contextual information collected by the data collection device 300 may be used to authenticate the authentication target 100 , or may be stored as big data.
  • the big data repository 400 stores cognitive information, which is a criterion for authenticating the authentication target 100 .
  • the cognitive information means big data generated in association with the behavior and context of a person or object
  • the big data repository 400 may collect and store big data by itself through a big data generation unit, or may store big data received from the outside.
  • the big data repository 400 continuously updates the big data, and may transmit big data corresponding to the authentication target 100 to the cognitive information-based authentication apparatus 200 upon receiving a request for cognitive information from the cognitive information-based authentication apparatus 200 .
  • the cognitive information-based authentication apparatus 200 is described as receiving behavioral and contextual information and big data from the external data collection device 300 and the big data repository 400 , respectively.
  • the cognitive information-based authentication apparatus 200 may collect behavioral and contextual information by itself, or may generate and store big data by itself.
  • FIG. 2 is a block diagram illustrating the configuration of a cognitive information-based authentication apparatus according to an embodiment of the present invention.
  • the cognitive information-based authentication apparatus 200 includes an authentication request reception unit 210 , a behavioral and contextual information collection unit 220 , a cognitive information extraction unit 230 , an authentication processing unit 240 , and an authentication result output unit 250 .
  • the authentication request reception unit 210 receives a request to authenticate an authentication target.
  • the authentication target may be a user or an object (machine) to be authenticated.
  • the authentication request reception unit 210 may receive the authentication request directly from the authentication target, or from an additional device or software, which requires that the authentication target be authenticated.
  • the authentication request reception unit 210 is described as receiving the authentication request.
  • the cognitive information-based authentication apparatus 200 may determine that it has received an authentication request.
  • the cognitive information-based authentication apparatus 200 may determine that it has received an authentication request.
  • the behavioral and contextual information collection unit 220 collects behavioral and contextual information about the authentication target.
  • the behavioral and contextual information collection unit 220 may collect behavioral and contextual information about the authentication target by itself using a collection module included therein. Also, the behavioral and contextual information collection unit 220 may receive behavioral and contextual information about the authentication target from an external data collection device 300 .
  • the behavioral and contextual information may include at least one of the location information, movement information, beacon signal information, bio-signal information, environmental information, and information about a running application, which correspond to the authentication target.
  • the cognitive information extraction unit 230 extracts cognitive information corresponding to the authentication request from previously stored big data.
  • the previously stored big data may be collected using at least one of a location sensor, a beacon signal collection sensor, a biometrics collection sensor, and an environment sensor. Also, the previously stored big data may include at least one of a kind of network, a kind of access network, and information about execution of an application, corresponding to the authentication target.
  • the cognitive information extraction unit 230 may extract cognitive information from big data stored in the cognitive information-based authentication apparatus 200 , or may extract cognitive information from the external big data repository 400 .
  • the authentication processing unit 240 authenticates the authentication target based on the extracted cognitive information in consideration of the behavioral and contextual information.
  • the authentication processing unit 240 may authenticate the authentication target by determining at least one of the continuity, authenticity, validity and correctness of the behavioral and contextual information.
  • the authentication processing unit 240 may determine the continuity of the behavioral and contextual information based on at least one of whether the behavioral and contextual information is continuously received for a time period longer than a threshold time and whether the number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
  • the authentication processing unit 240 may determine whether to perform authentication of the authentication target corresponding to the behavioral and contextual information, or may perform authentication of the authentication target.
  • the authentication processing unit 240 determines whether the behavioral and contextual information corresponding to the movement of the vehicle is continuously collected, and if so, it may authenticate the corresponding authentication target.
  • the authentication processing unit 240 may not perform authentication of the authentication target corresponding to the behavioral and contextual information.
  • the authentication processing unit 240 may determine the authenticity of the behavioral and contextual information based on whether a change in behavioral and contextual information is equal to or less than a threshold variation.
  • the authentication processing unit 240 determines that the change in the behavioral and contextual information exceeds a threshold variation and thus the corresponding behavioral and contextual information is not authentic information.
  • the threshold variation may be set based on the behavioral and contextual information, and may be set using previously stored big data. Also, if the change in the behavioral and contextual information is equal to or less than the threshold variation, the authentication processing unit 240 may authenticate the authentication target corresponding to the behavioral and contextual information.
  • the authentication processing unit 240 may determine the validity of the behavioral and contextual information by comparing predicted behavioral and contextual information with the result of the change in behavioral and contextual information.
  • the behavior of paying the parking charge after passing through the entrance to the parking lot is predictable.
  • the authentication processing unit 240 may predict behaviors such as parking the car, paying the parking charge using a credit card, getting a receipt for the parking charge, and the like.
  • the authentication processing unit 240 may predict such behaviors based on the extracted cognitive information.
  • the authentication processing unit 240 compares the prediction with the behavioral and contextual information generated after the prediction, and thereby determines whether the behavioral and contextual information generated after the prediction is valid.
  • the authentication processing unit 240 determines that the corresponding behavioral and contextual information is not valid, and may not perform authentication of the authentication target corresponding to the behavioral and contextual information.
  • the authentication processing unit 240 may determine the correctness of a change in the pattern of behavioral and contextual information based on the extracted cognitive information.
  • the authentication processing unit 240 may authenticate the authentication target by determining whether the change in the pattern of the behavioral and contextual information is correct. For example, assume that behavioral and contextual information indicating that an authentication target boards a bus, the route number of which is 101, and taps a transportation card on a card reader. Then, behavioral and contextual information that includes a beacon signal corresponding to bus stop A is received.
  • the authentication processing unit 240 checks whether the service route of the number 101 bus includes the bus stop A.
  • the authentication processing unit 240 extracts cognitive information corresponding to the service route of the number 101 bus from the big data repository, and determines whether it is correct that the authentication target has received the beacon signal corresponding to the bus stop A by examining the extracted cognitive information and the bus stop A.
  • the authentication processing unit 240 may not perform the authentication of the authentication target. Conversely, if the service route of the number 101 bus includes the bus stop A, the authentication processing unit 240 may authenticate the authentication target.
  • the authentication result output unit 250 outputs the result of authentication corresponding to the authentication target.
  • the authentication result output unit 250 may output the authentication result to the cognitive information-based authentication apparatus 200 , or may transmit the authentication result to the external device or software that sent the authentication request.
  • FIG. 3 is a flowchart illustrating a cognitive information-based authentication method according to an embodiment of the present invention.
  • a cognitive information-based authentication apparatus 200 receives a request to authenticate an authentication target at step S 310 .
  • the cognitive information-based authentication apparatus 200 may receive the authentication request from the authentication target, or may receive the authentication request from an external device or software.
  • the cognitive information-based authentication apparatus 200 collects behavioral and contextual information about the authentication target at step S 320 .
  • the cognitive information-based authentication apparatus 200 collects the behavioral and contextual information about the authentication target by itself using a collection module therein, or may receive the behavioral and contextual information from an external data collection device.
  • the authentication target may generate behavioral and contextual information about the behavior, surrounding environment, and context of the authentication target using the sensor or the collection module. Accordingly, the cognitive information-based authentication apparatus 200 may collect the behavioral and contextual information from the authentication target.
  • the behavioral and contextual information may include at least one of location information, movement information, beacon signal information, bio-signal information, environmental information, and information about a running application, which correspond to the authentication target.
  • the cognitive information-based authentication apparatus 200 collects behavioral and contextual information indicating that an authentication target gets into a car and starts the car.
  • the cognitive information-based authentication apparatus 200 may collect behavioral and contextual information such as the location of the car, the speed of the car, whether a navigation app is running on the terminal of the authentication target, the route indicated by the navigation app, information about traffic monitoring cameras, information about usage of a function capable of deferring payment in order to quickly pass a toll gate in an expressway (hi-pass function in Korea), traffic information collected by a traffic information collector, the temperature inside and outside the car, and the like.
  • the cognitive information-based authentication apparatus 200 may collect behavioral and contextual information such as information about the bus service route, the travel time, information about the credit card used to buy a bus ticket, the time at which the charge was paid, information about the location of the bus, and the like.
  • the behavioral and contextual information may be collected using the communication network of a smart device owned by the authentication target, a traffic network, an open Wi-Fi network, a special network for collecting big data, and a network connected to beacons.
  • the behavioral and contextual information collected at step S 320 may be stored as big data in a big data cloud server or big data repository.
  • the cognitive information-based authentication apparatus 200 extracts cognitive information at step S 330 .
  • the cognitive information-based authentication apparatus 200 extracts cognitive information corresponding to the behavioral and contextual information collected at step S 320 .
  • the cognitive information-based authentication apparatus 200 may extract the cognitive information corresponding to the behavioral and contextual information from the big data stored in the storage module therein.
  • the cognitive information-based authentication apparatus 200 may extract the cognitive information from the big data stored in an external big data repository.
  • the cognitive information-based authentication apparatus 200 may extract the service route of the number 101 bus, the speed of the bus, the current location of the bus, and the like, as the cognitive information.
  • the cognitive information-based authentication apparatus 200 performs authentication at step S 340 .
  • the cognitive information-based authentication apparatus 200 authenticates the authentication target based on the extracted cognitive information in consideration of the behavioral and contextual information.
  • the cognitive information-based authentication apparatus 200 may authenticate the authentication target by determining at least one of the continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • the cognitive information-based authentication apparatus 200 may determine the continuity of the behavioral and contextual information based on at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether the number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times. If the behavioral and contextual information is determined to be continuous, authentication of the authentication target may be performed.
  • the cognitive information-based authentication apparatus 200 may determine the authenticity of the behavioral and contextual information based on whether a change of the behavioral and contextual information is equal to or less than a threshold variation. If the behavioral and contextual information is determined to be authentic information, the cognitive information-based authentication apparatus 200 may perform authentication of the authentication target.
  • the cognitive information-based authentication apparatus 200 may determine the validity of the behavioral and contextual information by comparing predicted behavioral and contextual information with the result of the change in behavioral and contextual information. If the behavioral and contextual information is determined to be reasonable, the cognitive information-based authentication apparatus 200 may perform authentication of the authentication target.
  • the cognitive information-based authentication apparatus 200 may determine the correctness of a change in the pattern of behavioral and contextual information based on the extracted cognitive information. If it is determined that the change in the pattern of behavioral and contextual information is correct, the cognitive information-based authentication apparatus 200 may perform authentication of the authentication target.
  • the cognitive information-based authentication apparatus 200 outputs the authentication result at step S 350 .
  • the cognitive information-based authentication apparatus 200 may output the authentication result to the cognitive information-based authentication apparatus 200 , or may transmit the authentication result to the external device or software that sent the authentication request.
  • the cognitive information-based authentication apparatus 200 may transmit the result of authentication of the authentication target to the authentication request device that requested the authentication.
  • SSO Single Sign-On
  • the cognitive information-based authentication apparatus 200 may be combined with an existing authentication method such as an ID/password-based authentication method. In this case, if authentication information is lost, the cognitive information-based authentication apparatus 200 may authenticate the person who requested authentication using behavioral and contextual information about the person.
  • the cognitive information-based authentication apparatus 200 may block the request of the unauthorized entity by comparing the behavioral and contextual information about an authorized user or object with that about the unauthorized entity. Accordingly, the cognitive information-based authentication apparatus 200 may overcome the difficulty whereby a device for inputting an ID/password must be installed in the object and the inconvenience whereby a user must input a password when authentication is requested.
  • the cognitive information-based authentication apparatus 200 may be combined with an authentication token-based method. In this case, if a hardware authentication token is lost or is not carried, the cognitive information-based authentication apparatus 200 may perform temporary authentication by checking the behavioral and contextual information about the person who requested authentication.
  • the cognitive information-based authentication apparatus 200 performs authentication using behavioral and contextual information, whereby temporary authentication may be performed for a normal authorized user and authentication requests by unauthorized users may be prevented.
  • the cognitive information-based authentication apparatus 200 may overcome problems that may occur when an existing token-based authentication system is used, for example, problems related to the cost of constructing a specialized authentication system, the cost of managing the system, the need to issue a great number of authentication tokens with an increase in users, and the like.
  • the cognitive information-based authentication apparatus 200 may perform authentication in combination with a biometric authentication method.
  • the cognitive information-based authentication apparatus 200 may temporarily authenticate the normal user by performing authentication using behavioral and contextual information about the authentication target before the normal user newly registers his or her biometric information.
  • the cognitive information-based authentication apparatus 200 may be combined with an existing authentication method, such as a two-channel service of Internet banking services in order to provide multi-factor authentication, thus providing convenience to a user who requests authentication.
  • an existing authentication method such as a two-channel service of Internet banking services
  • FIG. 4 is a flowchart illustrating a method for generating cognitive information according to an embodiment of the present invention.
  • a cognitive information-based authentication apparatus 200 collects big data at step S 410 .
  • the cognitive information-based authentication apparatus 200 may collect big data such as the location of a user or an object, information collected using signals from nearby beacons, information about access networks, the type of a device used to collect information, the movement speed, displacement, information about communication with nearby devices, environmental factors such as temperature and humidity in the area, variation in environmental factors, information about the circumstances, and the like.
  • the big data may be individually identifiable information or may be information about circumstances linked to the individually identifiable information.
  • the cognitive information-based authentication apparatus 200 may collect big data using collection modules, which may measure and collect information about the surrounding environment or circumstances, such as various environment sensors, a location sensor, a photo-sensor, a recognition sensor, and the like. Also, the cognitive information-based authentication apparatus 200 may collect big data from users and objects through communication networks.
  • collection modules which may measure and collect information about the surrounding environment or circumstances, such as various environment sensors, a location sensor, a photo-sensor, a recognition sensor, and the like.
  • the cognitive information-based authentication apparatus 200 may collect big data from users and objects through communication networks.
  • the cognitive information-based authentication apparatus 200 generates cognitive information at step S 420 .
  • the cognitive information-based authentication apparatus 200 generates cognitive information by processing the collected big data.
  • the cognitive information-based authentication apparatus 200 assigns an identification code to each of the devices, and may generate big data to which the identification code is assigned.
  • the cognitive information-based authentication apparatus 200 may map the generated cognitive information to information about the users and objects.
  • the cognitive information-based authentication apparatus 200 stores the generated cognitive information at step S 430 .
  • the cognitive information-based authentication apparatus 200 stores the cognitive information in the form of a digitized database.
  • the cognitive information-based authentication apparatus 200 may check whether the cognitive information is collected normally, and may then store the cognitive information by performing step S 430 , which will be described later, only when the cognitive information is determined to have been collected normally.
  • the cognitive information-based authentication apparatus 200 may store the big data so as to be mapped to the authentication target. Also, the cognitive information-based authentication apparatus 200 checks the continuity and correlation between cognitive information, which was previously collected and stored, and the generated cognitive information, and may store the generated cognitive information only when it is determined that there is validity between the generated cognitive information and the stored cognitive information.
  • the cognitive information-based authentication apparatus 200 may check the validity between the generated cognitive information and the stored cognitive information through various validation methods, for example, by checking the validity of displacement between the stored cognitive information and the generated cognitive information, the consistency of identification information about objects around an authentication target corresponding to the cognitive information, the consistency of information about the surroundings, the consistency of the behavior of the authentication target and the context of the connected device, information about the comparison of temperature in stored cognitive information with the mean of the variation of temperature in the current location, and the like.
  • FIG. 5 is a block diagram illustrating a computer system according to an embodiment of the present invention.
  • an embodiment of the present invention may be implemented in a computer system 500 such as a computer-readable recording medium.
  • the computer system 500 may include one or more processors 510 , memory 530 , a user interface input device 540 , a user interface output device 550 , and storage 560 , which communicate with each other via a bus 520 .
  • the computer system 500 may further include a network interface 570 connected to a network 580 .
  • the processor 510 may be a central processing unit or a semiconductor device for executing processing instructions stored in the memory 530 or storage 560 .
  • the memory 530 and the storage 560 may be various types of volatile or nonvolatile storage media.
  • the memory may include ROM 531 or RAM 532 .
  • the embodiment of the present invention may be implemented as a method implemented by a computer or a non-volatile computer-readable medium in which instructions executable by a computer are recorded.
  • the computer-readable instructions When computer-readable instructions are executed by a processor, the computer-readable instructions may perform the method according to at least one aspect of the present invention.
  • an authentication service may be provided more conveniently and effectively than a conventional authentication method.
  • secure authentication may be provided by using behavioral and contextual information as authentication information.
  • problems attributable to loss, exposure, and damage of authentication information in an existing authentication method may be overcome, whereby temporary authentication may be provided and authentication of unauthorized entities may be prevented.
  • the apparatus and method for authentication based on cognitive information according to the present invention are not limitedly applied to the configurations and operations of the above-described embodiments, but all or some of the embodiments may be selectively combined and configured so that the embodiments may be modified in various ways.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Biomedical Technology (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Collating Specific Patterns (AREA)

Abstract

An authentication apparatus and method based on cognitive information. The authentication apparatus based on cognitive information includes an authentication request reception unit for receiving a request to authenticate an authentication target, a behavioral and contextual information collection unit for collecting behavioral and contextual information corresponding to the authentication target, a cognitive information extraction unit for extracting cognitive information corresponding to the request from previously stored big data, and an authentication processing unit for authenticating the authentication target in consideration of the behavioral and contextual information based on the extracted cognitive information.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • This application claims the benefit of Korean Patent Application No. 10-2016-0041453, filed Apr. 5, 2016, which is hereby incorporated by reference in its entirety into this application.
    • BACKGROUND OF THE INVENTION 1. Technical Field
  • The present invention relates generally to technology for authenticating an authentication target based on cognitive information and, more particularly, to a technique for authenticating an authentication target using behavioral and contextual information about the authentication target and cognitive information extracted from big data.
    • 2. Description of the Related Art
  • Recently, as various devices for the Internet of Things (IoT) environment have been developed and users are increasingly using such devices, not only requirements for authenticating users and machines but also requirements for machine-to-machine authentication are increasing. Accordingly, various authentication methods, including single-factor authentication methods, such as an ID/password-based authentication method, a token-based authentication method, and a biometric authentication method, and multi-factor authentication methods are being used.
  • These authentication methods differ from each other in terms of user convenience and security. The ID/password authentication method performs authentication based on secret information that has been set in advance and shared between a user and a machine. Because the ID/password authentication method uses the preset password, it is advantageous in user convenience.
  • However, this method has limitations such as a problem related to the exposure of a password, inconvenience in which a password needs to be frequently changed in order to prevent the exposure thereof, a security vulnerability in storing and distributing information, and the like. Also, when setting a password between machines, a user must input the password.
  • Meanwhile, the token-based authentication method may use a hardware authentication token or a software authentication token. For example, a One-Time Password (OTP) device is a hardware authentication token, and an authentication certificate (X.509) is a software authentication token.
  • Because the hardware authentication token must be carried by a user in the form of physical hardware, it is disadvantageous from the aspects of portability and convenience. Also, when it is applied to a machine, the hardware authentication token needs to be mounted thereon, whereby hardware costs may increase.
  • The software authentication token is superior to the hardware authentication token from the aspects of portability and convenience. However, because the software authentication token is stored in a storage medium, it may be leaked. Also, when it is applied to a machine, a specialized program for operating the software authentication token is required.
  • The biometric authentication method authenticates a user based on unique biological characteristics or behavioral characteristics. The biometric authentication method does not require that an authentication token be carried, or that a preset password be shared. Also, when biological information about a user is used, it has high security.
  • However, it is not easy to construct a system for implementing the biometric authentication method. That is, the biometric authentication method is disadvantageous in that it is difficult to construct and manage a system in which authentication is performed by analyzing patterns of biological characteristics or behavioral characteristics. Also, because unique biological information is used, when such information is exposed, there may be an insurmountable problem. Furthermore, the biometric authentication method cannot be used to authenticate machines.
  • In order to overcome the problems of single-factor authentication, an authentication method in which two or more single-factor authentication methods are combined is used. For example, an authentication method in which ID/password authentication is combined with a mobile phone authentication code and an authentication method that uses both a security token and an OTP card are mainly used.
  • However, a method that requires the input of authentication factors or a method in which a token or system for authentication is added to a machine may lower user convenience and security. Also, because multi-factor authentication using existing single-factor authentication methods requires that multiple elements be carried and that two-channel communication be conducted, authentication factors and resources for communication may not be effectively used.
  • Therefore, it is necessary to develop technology for performing authentication between users, between objects, and between a user and an object more simply and effectively than when using existing methods.
    • DOCUMENTS OF RELATED ART
  • (Patent Document 1) Korean Patent Application Publication No. 10-2007-0008744, disclosed on Jan. 18, 2007 and titled β€œApparatus and method for generating a pattern for behavior-based user authentication”.
    • SUMMARY OF THE INVENTION
  • An object of the present invention is to provide an authentication service more conveniently and effectively than existing authentication methods.
  • Another object of the present invention is to provide mutual authentication service between users, between an object and a user, and between objects using big data.
  • A further object of the present invention is to enable secure authentication by using behavioral and contextual information as authentication information.
  • Yet another object of the present invention is to overcome problems with conventional authentication methods, resulting from loss, exposure, and damage of authentication information, and thereby to enable temporary authentication and to prevent unauthorized entities from being authenticated.
  • Still another object of the present invention is to provide a more effective and secure authentication service in combination with an existing authentication method.
  • In order to accomplish the above object, an authentication apparatus based on cognitive information according to the present invention includes an authentication request reception unit for receiving a request to authenticate an authentication target, a behavioral and contextual information collection unit for collecting behavioral and contextual information corresponding to the authentication target, a cognitive information extraction unit for extracting cognitive information corresponding to the request from previously stored big data, and an authentication processing unit for authenticating the authentication target in consideration of the behavioral and contextual information based on extracted cognitive information.
  • The authentication processing unit may authenticate the authentication target by determining at least one of continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • The authentication processing unit may determine the continuity of the behavioral and contextual information in consideration of at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether a number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
  • The authentication processing unit may determine the authenticity of the behavioral and contextual information in consideration of whether the behavioral and contextual information is authentic information such that a change in the behavioral and contextual information is equal to or less than a threshold variation.
  • The authentication processing unit may determine the validity of the behavioral and contextual information by comparing a result of a change in the behavioral and contextual information with a result of a prediction corresponding to the behavioral and contextual information.
  • The authentication processing unit may determine the correctness by checking whether a change in a pattern of the behavioral and contextual information is correct based on the extracted cognitive information.
  • The previously stored big data may be collected using at least one of a location sensor, a beacon signal collection sensor, a bio-signal collection sensor, and an environment sensor, or the previously stored big data may be at least one of a kind of a network, a kind of an access network, and information about execution of an application, corresponding to the authentication target.
  • The authentication target may be at least one of a user to be authenticated and a device to be authenticated.
  • The authentication apparatus may further include an authentication result output unit for outputting a result of authentication of the authentication target.
  • The authentication processing unit may perform multi-factor authentication in combination with at least one of an ID/password-based authentication method, an authentication token-based authentication method, and a biometric authentication method.
  • Also, an authentication method based on cognitive information, performed by an authentication apparatus based on cognitive information, according to an embodiment of the present invention includes receiving a request to authenticate an authentication target, collecting behavioral and contextual information corresponding to the authentication target, extracting cognitive information corresponding to the request from previously stored big data, and authenticating the authentication target in consideration of the behavioral and contextual information based on the extracted cognitive information.
  • Authenticating the authentication target may be configured to authenticate the authentication target by determining at least one of continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • Authenticating the authentication target may be configured to determine the continuity of the behavioral and contextual information in consideration of at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether a number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
  • Authenticating the authentication target may be configured to determine the authenticity of the behavioral and contextual information in consideration of whether the behavioral and contextual information is authentic information such that a change in the behavioral and contextual information is equal to or less than a threshold variation.
  • Authenticating the authentication target may be configured to determine the validity of the behavioral and contextual information by comparing a result of change in the behavioral and contextual information with a result of prediction corresponding to the behavioral and contextual information.
  • Authenticating the authentication target may be configured to determine the correctness by checking whether a change in a pattern of the behavioral and contextual information is correct based on the extracted cognitive information.
  • The previously stored big data may be collected using at least one of a location sensor, a beacon signal collection sensor, a bio-signal collection sensor, and an environment sensor, or the previously stored big data may be at least one of a kind of a network, a kind of an access network, and information about execution of an application, corresponding to the authentication target.
  • The authentication target may be at least one of a user to be authenticated and a device to be authenticated.
  • The authentication method may further include outputting a result of authentication of the authentication target.
  • Authenticating the authentication target may be configured to authenticate the authentication target in combination with at least one of an ID/password-based authentication method, an authentication token-based authentication method, and a biometric authentication method.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The above and other objects, features and advantages of the present invention will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
  • FIG. 1 is a view schematically illustrating an environment in which a cognitive information-based authentication apparatus is applied according to an embodiment of the present invention;
  • FIG. 2 is a block diagram illustrating the configuration of a cognitive information-based authentication apparatus according to an embodiment of the present invention;
  • FIG. 3 is a flowchart illustrating a cognitive information-based authentication method according to an embodiment of the present invention;
  • FIG. 4 is a flowchart illustrating a method for generating cognitive information according to an embodiment of the present invention; and
  • FIG. 5 is a block diagram illustrating a computer system according to an embodiment of the present invention.
    •  DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The present invention will be described in detail below with reference to the accompanying drawings. Repeated descriptions and descriptions of known functions and configurations which have been deemed to make the gist of the present invention unnecessarily obscure will be omitted below. The embodiments of the present invention are intended to fully describe the present invention to a person having ordinary knowledge in the art to which the present invention pertains. Accordingly, the shapes, sizes, etc. of components in the drawings may be exaggerated in order to make the description clearer.
  • Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.
  • FIG. 1 is a view schematically illustrating an environment in which a cognitive information-based authentication apparatus is applied according to an embodiment of the present invention.
  • As illustrated in FIG. 1, a cognitive information-based authentication apparatus 200, which receives a request to authenticate an authentication target 100, collects behavioral and contextual information about the authentication target 100 from a data collection device 300.
  • Then, the cognitive information-based authentication apparatus 200 extracts cognitive information corresponding to the authentication target 100 from a big data repository 400. The cognitive information-based authentication apparatus 200 authenticates the authentication target 100 using the collected behavioral and contextual information about the authentication target 100 and the extracted cognitive information.
  • The authentication target 100 may be a person or an object, and as the authentication target 100 behaves or operates, behavioral and contextual information corresponding to the authentication target 100 may be generated.
  • Here, the behavioral and contextual information about the authentication target 100 may include at least one of information about the location of the authentication target 100, information about the movement of the authentication target 100, information about a nearby beacon, information about a device connected thereto, information about a target to communicate therewith, information about a communication interface, weather information, environmental information, and information about circumstances.
  • The cognitive information-based authentication apparatus 200 receives a request to authenticate the authentication target 100. Here, the cognitive information-based authentication apparatus 200 may receive the authentication request directly from the authentication target 100.
  • Also, when receiving behavioral and contextual information about the authentication target 100, the cognitive information-based authentication apparatus 200 regards it as the reception of a request to authenticate the authentication target 100, and may then perform authentication.
  • The cognitive information-based authentication apparatus 200 collects behavioral and contextual information about the authentication target 100 and extracts cognitive information corresponding to an authentication request from previously stored big data. Then, the cognitive information-based authentication apparatus 200 authenticates the authentication target 100 using the behavioral and contextual information and the extracted cognitive information.
  • Here, the cognitive information-based authentication apparatus 200 may authenticate the authentication target 100 by determining at least one of the continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • The data collection device 300 collects behavioral and contextual information about the authentication target 100 and delivers the collected information to the cognitive information-based authentication apparatus 200. Here, the behavioral and contextual information collected by the data collection device 300 may be used to authenticate the authentication target 100, or may be stored as big data.
  • The big data repository 400 stores cognitive information, which is a criterion for authenticating the authentication target 100. Here, the cognitive information means big data generated in association with the behavior and context of a person or object, and the big data repository 400 may collect and store big data by itself through a big data generation unit, or may store big data received from the outside.
  • Also, the big data repository 400 continuously updates the big data, and may transmit big data corresponding to the authentication target 100 to the cognitive information-based authentication apparatus 200 upon receiving a request for cognitive information from the cognitive information-based authentication apparatus 200.
  • For the convenience of description, the cognitive information-based authentication apparatus 200 is described as receiving behavioral and contextual information and big data from the external data collection device 300 and the big data repository 400, respectively. However, without limitation to this, the cognitive information-based authentication apparatus 200 may collect behavioral and contextual information by itself, or may generate and store big data by itself.
  • Hereinafter, the configuration of a cognitive information-based authentication apparatus according to an embodiment of the present invention will be described in detail with reference to FIG. 2.
  • FIG. 2 is a block diagram illustrating the configuration of a cognitive information-based authentication apparatus according to an embodiment of the present invention.
  • As illustrated in FIG. 2, the cognitive information-based authentication apparatus 200 includes an authentication request reception unit 210, a behavioral and contextual information collection unit 220, a cognitive information extraction unit 230, an authentication processing unit 240, and an authentication result output unit 250.
  • First, the authentication request reception unit 210 receives a request to authenticate an authentication target.
  • Here, the authentication target may be a user or an object (machine) to be authenticated.
  • The authentication request reception unit 210 may receive the authentication request directly from the authentication target, or from an additional device or software, which requires that the authentication target be authenticated.
  • For the convenience of description, the authentication request reception unit 210 is described as receiving the authentication request. However, without limitation to this, when behavioral and contextual information is collected, even if it does not receive an authentication request, the cognitive information-based authentication apparatus 200 may determine that it has received an authentication request. Particularly, when behavioral and contextual information corresponding to a predetermined condition is collected, the cognitive information-based authentication apparatus 200 may determine that it has received an authentication request.
  • The behavioral and contextual information collection unit 220 collects behavioral and contextual information about the authentication target.
  • The behavioral and contextual information collection unit 220 may collect behavioral and contextual information about the authentication target by itself using a collection module included therein. Also, the behavioral and contextual information collection unit 220 may receive behavioral and contextual information about the authentication target from an external data collection device 300.
  • Here, the behavioral and contextual information may include at least one of the location information, movement information, beacon signal information, bio-signal information, environmental information, and information about a running application, which correspond to the authentication target.
  • The cognitive information extraction unit 230 extracts cognitive information corresponding to the authentication request from previously stored big data.
  • Here, the previously stored big data may be collected using at least one of a location sensor, a beacon signal collection sensor, a biometrics collection sensor, and an environment sensor. Also, the previously stored big data may include at least one of a kind of network, a kind of access network, and information about execution of an application, corresponding to the authentication target.
  • Also, the cognitive information extraction unit 230 may extract cognitive information from big data stored in the cognitive information-based authentication apparatus 200, or may extract cognitive information from the external big data repository 400.
  • The authentication processing unit 240 authenticates the authentication target based on the extracted cognitive information in consideration of the behavioral and contextual information.
  • The authentication processing unit 240 may authenticate the authentication target by determining at least one of the continuity, authenticity, validity and correctness of the behavioral and contextual information.
  • Here, the authentication processing unit 240 may determine the continuity of the behavioral and contextual information based on at least one of whether the behavioral and contextual information is continuously received for a time period longer than a threshold time and whether the number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
  • By determining the continuity of the behavioral and contextual information, the authentication processing unit 240 may determine whether to perform authentication of the authentication target corresponding to the behavioral and contextual information, or may perform authentication of the authentication target.
  • For example, it is assumed that the behavioral and contextual information about the movement of a vehicle is collected. Here, because a network changes with the movement of the vehicle, the behavioral and contextual information is continuously generated. Therefore, the authentication processing unit 240 determines whether the behavioral and contextual information corresponding to the movement of the vehicle is continuously collected, and if so, it may authenticate the corresponding authentication target.
  • Conversely, if the authentication processing unit 240 receives the behavioral and contextual information about the movement of the vehicle only once, the authentication processing unit 240 may not perform authentication of the authentication target corresponding to the behavioral and contextual information.
  • Also, the authentication processing unit 240 may determine the authenticity of the behavioral and contextual information based on whether a change in behavioral and contextual information is equal to or less than a threshold variation.
  • For example, it is assumed that behavioral and contextual information corresponding to tapping a transportation card when boarding a bus is received, and that behavioral and contextual information indicating that the moving speed is 60 km/h is received. Then, when behavioral and contextual information indicating that the moving speed is 200 km/h is received, the authentication processing unit 240 determines that the change in the behavioral and contextual information exceeds a threshold variation and thus the corresponding behavioral and contextual information is not authentic information.
  • Here, the threshold variation may be set based on the behavioral and contextual information, and may be set using previously stored big data. Also, if the change in the behavioral and contextual information is equal to or less than the threshold variation, the authentication processing unit 240 may authenticate the authentication target corresponding to the behavioral and contextual information.
  • Also, the authentication processing unit 240 may determine the validity of the behavioral and contextual information by comparing predicted behavioral and contextual information with the result of the change in behavioral and contextual information.
  • For example, assume that behavioral and contextual information indicating that a car is moving is received, that behavioral and contextual information indicating that the car passes the entrance to a parking lot is received, and that behavioral and contextual information indicating that the car is parked is received. Then, if behavioral and contextual information indicating that the parking charge for the corresponding parking lot has been paid using a credit card is received, the authentication processing unit 240 determines that this behavioral and contextual information is reasonable.
  • The behavior of paying the parking charge after passing through the entrance to the parking lot is predictable. Specifically, when the authentication processing unit 240 receives the behavioral and contextual information that indicates entry into the parking lot, it may predict behaviors such as parking the car, paying the parking charge using a credit card, getting a receipt for the parking charge, and the like. Here, the authentication processing unit 240 may predict such behaviors based on the extracted cognitive information.
  • Then, the authentication processing unit 240 compares the prediction with the behavioral and contextual information generated after the prediction, and thereby determines whether the behavioral and contextual information generated after the prediction is valid.
  • If it receives behavioral and contextual information that indicates getting a receipt at a gas station after passing through the entrance to a parking lot, the authentication processing unit 240 determines that the corresponding behavioral and contextual information is not valid, and may not perform authentication of the authentication target corresponding to the behavioral and contextual information.
  • Also, the authentication processing unit 240 may determine the correctness of a change in the pattern of behavioral and contextual information based on the extracted cognitive information.
  • The authentication processing unit 240 may authenticate the authentication target by determining whether the change in the pattern of the behavioral and contextual information is correct. For example, assume that behavioral and contextual information indicating that an authentication target boards a bus, the route number of which is 101, and taps a transportation card on a card reader. Then, behavioral and contextual information that includes a beacon signal corresponding to bus stop A is received.
  • Here, the authentication processing unit 240 checks whether the service route of the number 101 bus includes the bus stop A. The authentication processing unit 240 extracts cognitive information corresponding to the service route of the number 101 bus from the big data repository, and determines whether it is correct that the authentication target has received the beacon signal corresponding to the bus stop A by examining the extracted cognitive information and the bus stop A.
  • If the bus stop A is not located along the service route of the number 101 bus and if the current location of the number 101 bus, carrying the authentication target, differs from the bus stop A, the authentication processing unit 240 may not perform the authentication of the authentication target. Conversely, if the service route of the number 101 bus includes the bus stop A, the authentication processing unit 240 may authenticate the authentication target.
  • Finally, the authentication result output unit 250 outputs the result of authentication corresponding to the authentication target. The authentication result output unit 250 may output the authentication result to the cognitive information-based authentication apparatus 200, or may transmit the authentication result to the external device or software that sent the authentication request.
  • Hereinafter, a cognitive information-based authentication method performed by a cognitive information-based authentication apparatus according to an embodiment of the present invention will be described in more detail with reference to FIG. 3.
  • FIG. 3 is a flowchart illustrating a cognitive information-based authentication method according to an embodiment of the present invention.
  • First, a cognitive information-based authentication apparatus 200 receives a request to authenticate an authentication target at step S310.
  • Here, the cognitive information-based authentication apparatus 200 may receive the authentication request from the authentication target, or may receive the authentication request from an external device or software.
  • Then, the cognitive information-based authentication apparatus 200 collects behavioral and contextual information about the authentication target at step S320.
  • The cognitive information-based authentication apparatus 200 collects the behavioral and contextual information about the authentication target by itself using a collection module therein, or may receive the behavioral and contextual information from an external data collection device.
  • Also, if the authentication target includes a sensor or a collection module, the authentication target may generate behavioral and contextual information about the behavior, surrounding environment, and context of the authentication target using the sensor or the collection module. Accordingly, the cognitive information-based authentication apparatus 200 may collect the behavioral and contextual information from the authentication target.
  • Here, the behavioral and contextual information may include at least one of location information, movement information, beacon signal information, bio-signal information, environmental information, and information about a running application, which correspond to the authentication target.
  • For example, assume that the cognitive information-based authentication apparatus 200 collects behavioral and contextual information indicating that an authentication target gets into a car and starts the car. Here, the cognitive information-based authentication apparatus 200 may collect behavioral and contextual information such as the location of the car, the speed of the car, whether a navigation app is running on the terminal of the authentication target, the route indicated by the navigation app, information about traffic monitoring cameras, information about usage of a function capable of deferring payment in order to quickly pass a toll gate in an expressway (hi-pass function in Korea), traffic information collected by a traffic information collector, the temperature inside and outside the car, and the like.
  • Also, when it is determined that the authentication target is traveling by bus, the cognitive information-based authentication apparatus 200 may collect behavioral and contextual information such as information about the bus service route, the travel time, information about the credit card used to buy a bus ticket, the time at which the charge was paid, information about the location of the bus, and the like.
  • Also, the behavioral and contextual information may be collected using the communication network of a smart device owned by the authentication target, a traffic network, an open Wi-Fi network, a special network for collecting big data, and a network connected to beacons.
  • Also, the behavioral and contextual information collected at step S320 may be stored as big data in a big data cloud server or big data repository.
  • Next, the cognitive information-based authentication apparatus 200 extracts cognitive information at step S330.
  • The cognitive information-based authentication apparatus 200 extracts cognitive information corresponding to the behavioral and contextual information collected at step S320. Here, the cognitive information-based authentication apparatus 200 may extract the cognitive information corresponding to the behavioral and contextual information from the big data stored in the storage module therein. Also, the cognitive information-based authentication apparatus 200 may extract the cognitive information from the big data stored in an external big data repository.
  • If behavioral and contextual information indicating that a transportation card has been tapped on the card reader of a bus, the number of which is 101, was collected at step S320, the cognitive information-based authentication apparatus 200 may extract the service route of the number 101 bus, the speed of the bus, the current location of the bus, and the like, as the cognitive information.
  • Then, the cognitive information-based authentication apparatus 200 performs authentication at step S340.
  • The cognitive information-based authentication apparatus 200 authenticates the authentication target based on the extracted cognitive information in consideration of the behavioral and contextual information. Here, the cognitive information-based authentication apparatus 200 may authenticate the authentication target by determining at least one of the continuity, authenticity, validity, and correctness of the behavioral and contextual information.
  • The cognitive information-based authentication apparatus 200 may determine the continuity of the behavioral and contextual information based on at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether the number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times. If the behavioral and contextual information is determined to be continuous, authentication of the authentication target may be performed.
  • The cognitive information-based authentication apparatus 200 may determine the authenticity of the behavioral and contextual information based on whether a change of the behavioral and contextual information is equal to or less than a threshold variation. If the behavioral and contextual information is determined to be authentic information, the cognitive information-based authentication apparatus 200 may perform authentication of the authentication target.
  • Also, the cognitive information-based authentication apparatus 200 may determine the validity of the behavioral and contextual information by comparing predicted behavioral and contextual information with the result of the change in behavioral and contextual information. If the behavioral and contextual information is determined to be reasonable, the cognitive information-based authentication apparatus 200 may perform authentication of the authentication target.
  • Also, the cognitive information-based authentication apparatus 200 may determine the correctness of a change in the pattern of behavioral and contextual information based on the extracted cognitive information. If it is determined that the change in the pattern of behavioral and contextual information is correct, the cognitive information-based authentication apparatus 200 may perform authentication of the authentication target.
  • Finally, the cognitive information-based authentication apparatus 200 outputs the authentication result at step S350.
  • The cognitive information-based authentication apparatus 200 may output the authentication result to the cognitive information-based authentication apparatus 200, or may transmit the authentication result to the external device or software that sent the authentication request.
  • If the cognitive information-based authentication apparatus 200 is an authentication server for Single Sign-On (SSO), the cognitive information-based authentication apparatus 200 may transmit the result of authentication of the authentication target to the authentication request device that requested the authentication.
  • Also, the cognitive information-based authentication apparatus 200 may be combined with an existing authentication method such as an ID/password-based authentication method. In this case, if authentication information is lost, the cognitive information-based authentication apparatus 200 may authenticate the person who requested authentication using behavioral and contextual information about the person.
  • Also, when authentication information is exposed, if an unauthorized user or object requests authentication, the cognitive information-based authentication apparatus 200 may block the request of the unauthorized entity by comparing the behavioral and contextual information about an authorized user or object with that about the unauthorized entity. Accordingly, the cognitive information-based authentication apparatus 200 may overcome the difficulty whereby a device for inputting an ID/password must be installed in the object and the inconvenience whereby a user must input a password when authentication is requested.
  • Also, the cognitive information-based authentication apparatus 200 may be combined with an authentication token-based method. In this case, if a hardware authentication token is lost or is not carried, the cognitive information-based authentication apparatus 200 may perform temporary authentication by checking the behavioral and contextual information about the person who requested authentication.
  • Also, when information about a software authentication token is lost or exposed, the cognitive information-based authentication apparatus 200 performs authentication using behavioral and contextual information, whereby temporary authentication may be performed for a normal authorized user and authentication requests by unauthorized users may be prevented.
  • Here, the cognitive information-based authentication apparatus 200 may overcome problems that may occur when an existing token-based authentication system is used, for example, problems related to the cost of constructing a specialized authentication system, the cost of managing the system, the need to issue a great number of authentication tokens with an increase in users, and the like.
  • Also, the cognitive information-based authentication apparatus 200 may perform authentication in combination with a biometric authentication method. Here, if the integrity of the biometric information about a user, which has been registered in a biometric authentication system, is damaged, the cognitive information-based authentication apparatus 200 may temporarily authenticate the normal user by performing authentication using behavioral and contextual information about the authentication target before the normal user newly registers his or her biometric information.
  • Also, the cognitive information-based authentication apparatus 200 may be combined with an existing authentication method, such as a two-channel service of Internet banking services in order to provide multi-factor authentication, thus providing convenience to a user who requests authentication.
  • Hereinafter, a cognitive information generation method performed by a cognitive information-based authentication apparatus according to an embodiment of the present invention will be described in detail with reference to FIG. 4.
  • FIG. 4 is a flowchart illustrating a method for generating cognitive information according to an embodiment of the present invention.
  • First, a cognitive information-based authentication apparatus 200 collects big data at step S410.
  • The cognitive information-based authentication apparatus 200 may collect big data such as the location of a user or an object, information collected using signals from nearby beacons, information about access networks, the type of a device used to collect information, the movement speed, displacement, information about communication with nearby devices, environmental factors such as temperature and humidity in the area, variation in environmental factors, information about the circumstances, and the like. The big data may be individually identifiable information or may be information about circumstances linked to the individually identifiable information.
  • Here, the cognitive information-based authentication apparatus 200 may collect big data using collection modules, which may measure and collect information about the surrounding environment or circumstances, such as various environment sensors, a location sensor, a photo-sensor, a recognition sensor, and the like. Also, the cognitive information-based authentication apparatus 200 may collect big data from users and objects through communication networks.
  • Then, the cognitive information-based authentication apparatus 200 generates cognitive information at step S420.
  • The cognitive information-based authentication apparatus 200 generates cognitive information by processing the collected big data. Here, if the big data are collected from multiple devices, the cognitive information-based authentication apparatus 200 assigns an identification code to each of the devices, and may generate big data to which the identification code is assigned.
  • When the cognitive information-based authentication apparatus 200 collects big data from users and objects, the cognitive information-based authentication apparatus 200 may map the generated cognitive information to information about the users and objects.
  • Subsequently, the cognitive information-based authentication apparatus 200 stores the generated cognitive information at step S430.
  • The cognitive information-based authentication apparatus 200 stores the cognitive information in the form of a digitized database.
  • Here, the cognitive information-based authentication apparatus 200 may check whether the cognitive information is collected normally, and may then store the cognitive information by performing step S430, which will be described later, only when the cognitive information is determined to have been collected normally.
  • The cognitive information-based authentication apparatus 200 may store the big data so as to be mapped to the authentication target. Also, the cognitive information-based authentication apparatus 200 checks the continuity and correlation between cognitive information, which was previously collected and stored, and the generated cognitive information, and may store the generated cognitive information only when it is determined that there is validity between the generated cognitive information and the stored cognitive information.
  • Here, the cognitive information-based authentication apparatus 200 may check the validity between the generated cognitive information and the stored cognitive information through various validation methods, for example, by checking the validity of displacement between the stored cognitive information and the generated cognitive information, the consistency of identification information about objects around an authentication target corresponding to the cognitive information, the consistency of information about the surroundings, the consistency of the behavior of the authentication target and the context of the connected device, information about the comparison of temperature in stored cognitive information with the mean of the variation of temperature in the current location, and the like.
  • FIG. 5 is a block diagram illustrating a computer system according to an embodiment of the present invention.
  • Referring to FIG. 5, an embodiment of the present invention may be implemented in a computer system 500 such as a computer-readable recording medium. As illustrated in FIG. 5, the computer system 500 may include one or more processors 510, memory 530, a user interface input device 540, a user interface output device 550, and storage 560, which communicate with each other via a bus 520. Also, the computer system 500 may further include a network interface 570 connected to a network 580. The processor 510 may be a central processing unit or a semiconductor device for executing processing instructions stored in the memory 530 or storage 560. The memory 530 and the storage 560 may be various types of volatile or nonvolatile storage media. For example, the memory may include ROM 531 or RAM 532.
  • Therefore, the embodiment of the present invention may be implemented as a method implemented by a computer or a non-volatile computer-readable medium in which instructions executable by a computer are recorded. When computer-readable instructions are executed by a processor, the computer-readable instructions may perform the method according to at least one aspect of the present invention.
  • According to the present invention, an authentication service may be provided more conveniently and effectively than a conventional authentication method.
  • Also, according to the present invention, using big data, mutual authentication service between users, between a user and an object, and between objects may be provided.
  • Also, according to the present invention, secure authentication may be provided by using behavioral and contextual information as authentication information.
  • Also, according to the present invention, problems attributable to loss, exposure, and damage of authentication information in an existing authentication method may be overcome, whereby temporary authentication may be provided and authentication of unauthorized entities may be prevented.
  • Also, according to the present invention, in combination with an existing authentication method, more effective and secure authentication service may be provided.
  • As described above, the apparatus and method for authentication based on cognitive information according to the present invention are not limitedly applied to the configurations and operations of the above-described embodiments, but all or some of the embodiments may be selectively combined and configured so that the embodiments may be modified in various ways.

Claims (20)

What is claimed is:
1. An authentication apparatus based on cognitive information, comprising:
an authentication request reception unit for receiving a request to authenticate an authentication target;
a behavioral and contextual information collection unit for collecting behavioral and contextual information corresponding to the authentication target;
a cognitive information extraction unit for extracting cognitive information corresponding to the request from previously stored big data; and
an authentication processing unit for authenticating the authentication target in consideration of the behavioral and contextual information based on extracted cognitive information.
2. The authentication apparatus of claim 1, wherein the authentication processing unit is configured to authenticate the authentication target by determining at least one of continuity, authenticity, validity, and correctness of the behavioral and contextual information.
3. The authentication apparatus of claim 2, wherein the authentication processing unit determines the continuity of the behavioral and contextual information in consideration of at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether a number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
4. The authentication apparatus of claim 2, wherein the authentication processing unit determines the authenticity of the behavioral and contextual information in consideration of whether the behavioral and contextual information is authentic information such that a change in the behavioral and contextual information is equal to or less than a threshold variation.
5. The authentication apparatus of claim 2, wherein the authentication processing unit determines the validity of the behavioral and contextual information by comparing a result of a change in the behavioral and contextual information with a result of a prediction corresponding to the behavioral and contextual information.
6. The authentication apparatus of claim 2, wherein the authentication processing unit determines the correctness by checking whether a change in a pattern of the behavioral and contextual information is correct based on the extracted cognitive information.
7. The authentication apparatus of claim 1, wherein the previously stored big data are collected using at least one of a location sensor, a beacon signal collection sensor, a bio-signal collection sensor, and an environment sensor, or the previously stored big data are at least one of a kind of a network, a kind of an access network, and information about execution of an application, corresponding to the authentication target.
8. The authentication apparatus of claim 1, wherein the authentication target is at least one of a user to be authenticated and a device to be authenticated.
9. The authentication apparatus of claim 1, further comprising,
an authentication result output unit for outputting a result of authentication of the authentication target.
10. The authentication apparatus of claim 1, wherein the authentication processing unit performs multi-factor authentication in combination with at least one of an ID/password-based authentication method, an authentication token-based authentication method, and a biometric authentication method.
11. An authentication method based on cognitive information, performed by an authentication apparatus based on cognitive information, the method comprising:
receiving a request to authenticate an authentication target;
collecting behavioral and contextual information corresponding to the authentication target;
extracting cognitive information corresponding to the request from previously stored big data; and
authenticating the authentication target in consideration of the behavioral and contextual information based on the extracted cognitive information.
12. The method of claim 11, wherein authenticating the authentication target is configured to authenticate the authentication target by determining at least one of continuity, authenticity, validity, and correctness of the behavioral and contextual information.
13. The method of claim 12, wherein authenticating the authentication target is configured to determine the continuity of the behavioral and contextual information in consideration of at least one of whether the behavioral and contextual information is continuously received for a time longer than a threshold time and whether a number of times that the behavioral and contextual information is received is equal to or greater than a threshold number of times.
14. The method of claim 12, wherein authenticating the authentication target is configured to determine the authenticity of the behavioral and contextual information in consideration of whether the behavioral and contextual information is authentic information such that a change in the behavioral and contextual information is equal to or less than a threshold variation.
15. The method of claim 12, wherein authenticating the authentication target is configured to determine the validity of the behavioral and contextual information by comparing a result of change in the behavioral and contextual information with a result of prediction corresponding to the behavioral and contextual information.
16. The method of claim 12, wherein authenticating the authentication target is configured to determine the correctness by checking whether a change in a pattern of the behavioral and contextual information is correct based on the extracted cognitive information.
17. The method of claim 12, wherein the previously stored big data are collected using at least one of a location sensor, a beacon signal collection sensor, a bio-signal collection sensor, and an environment sensor, or the previously stored big data are at least one of a kind of a network, a kind of an access network, and information about execution of an application, corresponding to the authentication target.
18. The method of claim 11, wherein the authentication target is at least one of a user to be authenticated and a device to be authenticated.
19. The method of claim 11, further comprising,
outputting a result of authentication of the authentication target.
20. The method of claim 11, wherein authenticating the authentication target is configured to authenticate the authentication target in combination with at least one of an ID/password-based authentication method, an authentication token-based authentication method, and a biometric authentication method.
US15/168,430 2016-04-05 2016-05-31 Apparatus and method for authentication based on cognitive information Active 2036-12-25 US10805285B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020160041453A KR101777389B1 (en) 2016-04-05 2016-04-05 Apparatus and method for authentication based cognitive information
KR10-2016-0041453 2016-04-05

Publications (2)

Publication Number Publication Date
US20170289130A1 true US20170289130A1 (en) 2017-10-05
US10805285B2 US10805285B2 (en) 2020-10-13

Family

ID=56097000

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/168,430 Active 2036-12-25 US10805285B2 (en) 2016-04-05 2016-05-31 Apparatus and method for authentication based on cognitive information

Country Status (4)

Country Link
US (1) US10805285B2 (en)
EP (1) EP3229163B1 (en)
JP (1) JP2017188056A (en)
KR (1) KR101777389B1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190342298A1 (en) * 2018-05-02 2019-11-07 Samsung Electronics Co., Ltd. System and method for resource access authentication
US10785147B2 (en) * 2017-07-03 2020-09-22 Fujitsu Limited Device and method for controlling route of traffic flow
US10805285B2 (en) * 2016-04-05 2020-10-13 Electronics And Telecommunications Research Institute Apparatus and method for authentication based on cognitive information
US11343641B2 (en) 2018-05-21 2022-05-24 Carrier Corporation Methods for learning deployment environment specific features for seamless access

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102021125572B9 (en) * 2021-10-01 2023-08-03 Uwe Leibrecht Method for performing an authentication process by an individual system user

Citations (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040083394A1 (en) * 2002-02-22 2004-04-29 Gavin Brebner Dynamic user authentication
US20050105731A1 (en) * 1999-06-03 2005-05-19 Gemplus Pre-control of a program in an additional chip card of a terminal
US20090260075A1 (en) * 2006-03-28 2009-10-15 Richard Gedge Subject identification
US20100134250A1 (en) * 2008-12-02 2010-06-03 Electronics And Telecommunications Research Institute Forged face detecting method and apparatus thereof
US20100150049A1 (en) * 2007-12-14 2010-06-17 Electronics And Telecommunications Research Institute bearer control and management method in the ip-based evolved mobile communication network
US8036350B2 (en) * 2004-06-30 2011-10-11 Movius Interactive Corp Audio chunking
US20110252464A1 (en) * 2010-04-12 2011-10-13 Cellco Partnership D/B/A Verizon Wireless Authenticating a mobile device based on geolocation and user credential
US20120198489A1 (en) * 2006-04-10 2012-08-02 International Business Machines Corporation Detecting fraud using set-top box interaction behavior
US20130254875A1 (en) * 2012-03-23 2013-09-26 Computer Associates Think, Inc. System and Method for Risk Assessment of Login Transactions Through Password Analysis
US20140316984A1 (en) * 2013-04-17 2014-10-23 International Business Machines Corporation Mobile device transaction method and system
US20150033305A1 (en) * 2013-03-15 2015-01-29 Advanced Elemental Technologies, Inc. Methods and systems for secure and reliable identity-based computing
US20150244699A1 (en) * 2014-02-21 2015-08-27 Liveensure, Inc. Method for peer to peer mobile context authentication
US20150242605A1 (en) * 2014-02-23 2015-08-27 Qualcomm Incorporated Continuous authentication with a mobile device
US20150242601A1 (en) * 2014-02-23 2015-08-27 Qualcomm Incorporated Trust broker authentication method for mobile devices
US20150381598A1 (en) * 2014-06-30 2015-12-31 International Business Machines Corporation Queue management and load shedding for complex authentication schemes
US20160006730A1 (en) * 2014-07-07 2016-01-07 International Business Machines Corporation Correlating cognitive biometrics for continuous identify verification
US20160021081A1 (en) * 2014-07-15 2016-01-21 Verizon Patent And Licensing Inc. Mobile device user authentication based on user behavior information
US9251327B2 (en) * 2011-09-01 2016-02-02 Verizon Patent And Licensing Inc. Method and system for providing behavioral bi-directional authentication
US20160134634A1 (en) * 2013-06-20 2016-05-12 Sms Passcode A/S Method and system protecting against identity theft or replication abuse
US20160182503A1 (en) * 2014-12-18 2016-06-23 Sri International Continuous authentication of mobile device users
US20170091450A1 (en) * 2010-11-29 2017-03-30 Biocatch Ltd. System, device, and method of detecting malicious automatic script and code injection
US9619852B2 (en) * 2012-04-17 2017-04-11 Zighra Inc. Context-dependent authentication system, method and device
US20170230418A1 (en) * 2016-02-04 2017-08-10 Amadeus S.A.S. Monitoring user authenticity
US20170230417A1 (en) * 2016-02-04 2017-08-10 Amadeus S.A.S. Monitoring user authenticity in distributed system
US10108791B1 (en) * 2015-03-19 2018-10-23 Amazon Technologies, Inc. Authentication and fraud detection based on user behavior
US20180309752A1 (en) * 2017-04-20 2018-10-25 Adp, Llc Enhanced security authentication system

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7644275B2 (en) * 2003-04-15 2010-01-05 Microsoft Corporation Pass-thru for client authentication
EP1542430A1 (en) * 2003-12-09 2005-06-15 Siemens Aktiengesellschaft Method and arrangement for automated predictive presence service
KR100677669B1 (en) 2005-07-12 2007-02-02 μž¬λ‹¨λ²•μΈμ„œμšΈλŒ€ν•™κ΅μ‚°ν•™ν˜‘λ ₯μž¬λ‹¨ Apparatus and method for generating a pattern for behavior-based User Authentication
US20060280339A1 (en) 2005-06-10 2006-12-14 Sungzoon Cho System and method for performing user authentication based on keystroke dynamics
KR100847532B1 (en) * 2006-04-06 2008-07-21 μž¬λ‹¨λ²•μΈμ„œμšΈλŒ€ν•™κ΅μ‚°ν•™ν˜‘λ ₯μž¬λ‹¨ User terminal and authenticating apparatus used for user authentication using information of user's behavior pattern
US9246899B1 (en) * 2008-03-03 2016-01-26 Jpmorgan Chase Bank, N.A. Authentication and interaction tracking system and method
KR20100063395A (en) 2008-12-03 2010-06-11 ν•œκ΅­μ „μžν†΅μ‹ μ—°κ΅¬μ› System and method for user authentication using locality and behavior patterns
KR101211927B1 (en) 2008-12-18 2012-12-13 ν•œκ΅­μ „μžν†΅μ‹ μ—°κ΅¬μ› Apparatus and method for authentication utilizing the device information at the ubiquitous environment
US8745698B1 (en) * 2009-06-09 2014-06-03 Bank Of America Corporation Dynamic authentication engine
US20110078004A1 (en) * 2009-09-25 2011-03-31 Swanson International Inc. Systems, methods and apparatus for self directed individual customer segmentation and customer rewards
US20110148633A1 (en) 2009-12-21 2011-06-23 Kohlenberg Tobias M Using trajectory for authentication
US8407144B2 (en) * 2010-03-18 2013-03-26 The Western Union Company Vehicular-based transactions, systems and methods
JP2011198170A (en) 2010-03-23 2011-10-06 Oki Software Co Ltd System and server for identifying user, mobile device, user identifying program, and program of mobile device
US20110314558A1 (en) * 2010-06-16 2011-12-22 Fujitsu Limited Method and apparatus for context-aware authentication
JP2013097650A (en) 2011-11-02 2013-05-20 Bank Of Tokyo-Mitsubishi Ufj Ltd Authentication system, authentication method and authentication server
US8863243B1 (en) 2012-04-11 2014-10-14 Google Inc. Location-based access control for portable electronic device
US9654977B2 (en) 2012-11-16 2017-05-16 Visa International Service Association Contextualized access control
US10325259B1 (en) * 2014-03-29 2019-06-18 Acceptto Corporation Dynamic authorization with adaptive levels of assurance
KR102422372B1 (en) * 2014-08-29 2022-07-19 μ‚Όμ„±μ „μž μ£Όμ‹νšŒμ‚¬ Authentication method and device using biometric information and context information
GB2534400A (en) * 2015-01-22 2016-07-27 Vodafone Ip Licensing Ltd User Verification
CN108431698A (en) * 2015-10-23 2018-08-21 θ₯Ώη»΄ε…‹ζ–―ζŽ§θ‚‘ζœ‰ι™θ΄£δ»»ε…¬εΈ The system and method being authenticated using mobile device
US10693855B1 (en) * 2016-03-31 2020-06-23 EMC IP Holding Company LLC Fraud detection
US10200364B1 (en) * 2016-04-01 2019-02-05 Wells Fargo Bank, N.A. Enhanced secure authentication
KR101777389B1 (en) * 2016-04-05 2017-09-26 ν•œκ΅­μ „μžν†΅μ‹ μ—°κ΅¬μ› Apparatus and method for authentication based cognitive information
US20170357980A1 (en) * 2016-06-10 2017-12-14 Paypal, Inc. Vehicle Onboard Sensors and Data for Authentication
US10523708B1 (en) * 2019-03-18 2019-12-31 Capital One Services, Llc System and method for second factor authentication of customer support calls

Patent Citations (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050105731A1 (en) * 1999-06-03 2005-05-19 Gemplus Pre-control of a program in an additional chip card of a terminal
US20040083394A1 (en) * 2002-02-22 2004-04-29 Gavin Brebner Dynamic user authentication
US8036350B2 (en) * 2004-06-30 2011-10-11 Movius Interactive Corp Audio chunking
US20090260075A1 (en) * 2006-03-28 2009-10-15 Richard Gedge Subject identification
US20120198489A1 (en) * 2006-04-10 2012-08-02 International Business Machines Corporation Detecting fraud using set-top box interaction behavior
US20100150049A1 (en) * 2007-12-14 2010-06-17 Electronics And Telecommunications Research Institute bearer control and management method in the ip-based evolved mobile communication network
US20100134250A1 (en) * 2008-12-02 2010-06-03 Electronics And Telecommunications Research Institute Forged face detecting method and apparatus thereof
US20110252464A1 (en) * 2010-04-12 2011-10-13 Cellco Partnership D/B/A Verizon Wireless Authenticating a mobile device based on geolocation and user credential
US20170091450A1 (en) * 2010-11-29 2017-03-30 Biocatch Ltd. System, device, and method of detecting malicious automatic script and code injection
US9251327B2 (en) * 2011-09-01 2016-02-02 Verizon Patent And Licensing Inc. Method and system for providing behavioral bi-directional authentication
US20130254875A1 (en) * 2012-03-23 2013-09-26 Computer Associates Think, Inc. System and Method for Risk Assessment of Login Transactions Through Password Analysis
US9619852B2 (en) * 2012-04-17 2017-04-11 Zighra Inc. Context-dependent authentication system, method and device
US20150033305A1 (en) * 2013-03-15 2015-01-29 Advanced Elemental Technologies, Inc. Methods and systems for secure and reliable identity-based computing
US20140316984A1 (en) * 2013-04-17 2014-10-23 International Business Machines Corporation Mobile device transaction method and system
US20160134634A1 (en) * 2013-06-20 2016-05-12 Sms Passcode A/S Method and system protecting against identity theft or replication abuse
US20150244699A1 (en) * 2014-02-21 2015-08-27 Liveensure, Inc. Method for peer to peer mobile context authentication
US20150242601A1 (en) * 2014-02-23 2015-08-27 Qualcomm Incorporated Trust broker authentication method for mobile devices
US20150242605A1 (en) * 2014-02-23 2015-08-27 Qualcomm Incorporated Continuous authentication with a mobile device
US20150381598A1 (en) * 2014-06-30 2015-12-31 International Business Machines Corporation Queue management and load shedding for complex authentication schemes
US20160006730A1 (en) * 2014-07-07 2016-01-07 International Business Machines Corporation Correlating cognitive biometrics for continuous identify verification
US20160021081A1 (en) * 2014-07-15 2016-01-21 Verizon Patent And Licensing Inc. Mobile device user authentication based on user behavior information
US20160182503A1 (en) * 2014-12-18 2016-06-23 Sri International Continuous authentication of mobile device users
US10108791B1 (en) * 2015-03-19 2018-10-23 Amazon Technologies, Inc. Authentication and fraud detection based on user behavior
US20170230418A1 (en) * 2016-02-04 2017-08-10 Amadeus S.A.S. Monitoring user authenticity
US20170230417A1 (en) * 2016-02-04 2017-08-10 Amadeus S.A.S. Monitoring user authenticity in distributed system
US20180309752A1 (en) * 2017-04-20 2018-10-25 Adp, Llc Enhanced security authentication system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10805285B2 (en) * 2016-04-05 2020-10-13 Electronics And Telecommunications Research Institute Apparatus and method for authentication based on cognitive information
US10785147B2 (en) * 2017-07-03 2020-09-22 Fujitsu Limited Device and method for controlling route of traffic flow
US20190342298A1 (en) * 2018-05-02 2019-11-07 Samsung Electronics Co., Ltd. System and method for resource access authentication
US11985132B2 (en) * 2018-05-02 2024-05-14 Samsung Electronics Co., Ltd. System and method for resource access authentication
US11343641B2 (en) 2018-05-21 2022-05-24 Carrier Corporation Methods for learning deployment environment specific features for seamless access

Also Published As

Publication number Publication date
JP2017188056A (en) 2017-10-12
EP3229163A1 (en) 2017-10-11
EP3229163B1 (en) 2019-11-06
KR101777389B1 (en) 2017-09-26
US10805285B2 (en) 2020-10-13

Similar Documents

Publication Publication Date Title
CN109711133B (en) Identity information authentication method and device and server
US10805285B2 (en) Apparatus and method for authentication based on cognitive information
KR102511364B1 (en) Vehicle parking area access management system and method
US11238431B2 (en) Credit payment method and apparatus based on card emulation of mobile terminal
CN107679861B (en) Resource transfer method, fund payment method, device and electronic equipment
US11228601B2 (en) Surveillance-based relay attack prevention
RU2702076C2 (en) Authentication in distributed environment
WO2021021373A1 (en) Self-sovereign identity systems and methods for identification documents
CN110009776B (en) Identity authentication method and device
WO2019149057A1 (en) Method and apparatus for paying bus fare, and device
CN112995998B (en) Method, computer system and computer readable medium for providing secure authentication mechanism
US20200334430A1 (en) Self-sovereign identity systems and methods for identification documents
KR20150079232A (en) Wireless lan apparatus and vehicle authentiction method using the wireless lan apparatus
KR20170001864A (en) System and method for verifying validity of digital image
US20210319440A1 (en) System for performing a validity check of a user device
JP5200978B2 (en) Credit judgment system, in-vehicle device and credit judgment method
KR101915765B1 (en) Biometric authentication apparatus for detecting user authentication using forged biometric information
Krishna et al. Automatic fare collection system for public transport corporation using fingerprint recognition with help of UIDAI
RU2799096C2 (en) Method and device for authentication of personal information and server
EP4332925A1 (en) Methods and systems for a person and/or a vehicle
RU2705880C1 (en) Method of making payments when a vehicle enters a toll zone
US11288716B1 (en) Systems and methods for digital wallet transit payments
KR20170124451A (en) Method for issuing public transportation ticket
CN116644823A (en) Reservation cash taking system and method
JP2007004827A (en) Mobile body mounting equipment system

Legal Events

Date Code Title Description
AS Assignment

Owner name: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE, KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PARK, CHEOLYONG;YOON, HANJUN;REEL/FRAME:038749/0881

Effective date: 20160520

Owner name: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTIT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PARK, CHEOLYONG;YOON, HANJUN;REEL/FRAME:038749/0881

Effective date: 20160520

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4